19522 matches found
CVE-2026-7446
A vulnerability was detected in VetCoders mcp-server-semgrep 1.0.0. This affects the function analyzeresults/filterresults/exportresults/compareresults/scandirectory/createrule of the file src/index.ts of the component MCP Interface. The manipulation of the argument ID results in os command...
CVE-2026-7446
A vulnerability was detected in VetCoders mcp-server-semgrep 1.0.0. This affects the function analyzeresults/filterresults/exportresults/compareresults/scandirectory/createrule of the file src/index.ts of the component MCP Interface. The manipulation of the argument ID results in os command...
PT-2026-36030
Name of the Vulnerable Software and Affected Versions VetCoders mcp-server-semgrep version 1.0.0 Description Remote OS command injection is possible within the MCP Interface component in the file src/index.ts. The issue occurs when the ID argument is manipulated, affecting the functions analyze...
PT-2026-36034
A vulnerability was detected in Tenda 4G300 US 4G300V1.0Mt V1.01.42 CN TDC01. This impacts the function sub 425A28 of the file /goform/DelFil. The manipulation of the argument delflag results in command injection. The attack may be launched remotely. The exploit is now public and may be used...
Amazon ECS Container Agent 操作系统命令注入漏洞
Amazon ECS Container Agent is an open-source elastic container service agent software developed by Amazon Web Services. Versions of Amazon ECS Container Agent prior to 1.103.0 contained an operating system command injection vulnerability. This vulnerability stems from improper handling of OS...
CVE-2026-7443
A weakness has been identified in BurtTheCoder mcp-dnstwist up to 1.0.4. Affected by this vulnerability is the function fuzzdomain of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument Request can lead to os command injection. The attack may be launched...
EUVD-2026-26300
A weakness has been identified in BurtTheCoder mcp-dnstwist up to 1.0.4. Affected by this vulnerability is the function fuzzdomain of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument Request can lead to os command injection. The attack may be launched...
CVE-2026-7443
A weakness has been identified in BurtTheCoder mcp-dnstwist up to 1.0.4. Affected by this vulnerability is the function fuzzdomain of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument Request can lead to os command injection. The attack may be launched...
CVE-2026-7443 BurtTheCoder mcp-dnstwist MCP index.ts fuzz_domain os command injection
A weakness has been identified in BurtTheCoder mcp-dnstwist up to 1.0.4. Affected by this vulnerability is the function fuzzdomain of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument Request can lead to os command injection. The attack may be launched...
CVE-2026-7443 BurtTheCoder mcp-dnstwist MCP index.ts fuzz_domain os command injection
A weakness has been identified in BurtTheCoder mcp-dnstwist up to 1.0.4. Affected by this vulnerability is the function fuzzdomain of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument Request can lead to os command injection. The attack may be launched...
CVE-2026-7416
A vulnerability was found in PolarVista xcode-mcp-server 1.0.0. This issue affects the function buildproject/runtests of the file src/index.ts of the component MCP Interface. The manipulation of the argument Request results in os command injection. The attack may be launched remotely. The exploit...
CVE-2026-7416
A vulnerability was found in PolarVista xcode-mcp-server 1.0.0. This issue affects the function buildproject/runtests of the file src/index.ts of the component MCP Interface. The manipulation of the argument Request results in os command injection. The attack may be launched remotely. The exploit...
CVE-2026-7416
Summary: CVE-2026-7416 affects PolarVista xcode-mcp-server 1.0.0, specifically the MCP Interface’s build_project/run_tests in src/index.ts. The vulnerability arises from manipulating the Request argument, enabling an OS command injection. The advisory notes remote feasibility and public disclosur...
CVE-2026-7241
A vulnerability was found in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument wifiOff results in os command injection. The attack is possible to be carried...
CVE-2026-7157
A flaw has been found in disler aider-mcp-server up to b2516fa466d0d851932da92ee6d0e66946db9efc. Affected by this vulnerability is an unknown functionality of the file src/aidermcpserver/server.py of the component aideraicode. This manipulation of the argument relativeeditablefiles causes command...
CVE-2026-7240
A vulnerability has been found in Totolink A8000RU 7.1cu.643b20200521. This vulnerability affects the function setVpnAccountCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument User leads to os command injection. The attack can be executed remotely...
CVE-2026-7122
A vulnerability has been found in Totolink A8000RU 7.1cu.643b20200521. This impacts the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument enable leads to os command injection. It is possible to launch the attack remotely. The...
CVE-2026-7139
A flaw has been found in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument mode causes os command injection. The attack is possible to be carried out remotely. The...
PT-2026-36017
Name of the Vulnerable Software and Affected Versions PolarVista xcode-mcp-server version 1.0.0 Description An OS command injection issue exists in the MCP Interface component within the build project/run tests function of the src/index.ts file. This flaw allows a remote attacker to execute...
Exploit for Command Injection in Github Enterprise_Server
ExploitCVE-2026-3854 CVE-2026-3854 is a Remote Code Executio...